FxCop: Policing Code Correctness

In today's programming world it's not enough that your application works—it must work reliably and in a secure manner. John Mueller discusses how Microsoft created FxCop to help developers meet the best-practices requirements for application building.

At one time, developers considered it a good day when they got their code to
run on the first or second try. Users were happy, too, because a lot of code
simply didn't work. Today, however, the computing environment has become a
lot more complex. It's not enough that your application works; it must
work reliably and in a secure manner. In addition, the application must be easy
to update and use with other applications. In short, code today must meet a
certain level of "correctness" in addition to working correctly.

Microsoft created FxCop to help developers meet best-practices
requirements for application building. FxCop makes it easy for developers to
learn the correctness rules that modern application development requires. The
resulting application is easier to understand and maintain; it runs more
reliably and with fewer security errors.

Getting FxCop

When you download
the latest version of FxCop, make sure that you get the product for the version
of the .NET Framework you have, either 1.0 or 1.1. The package includes both
command-line and GUI versions of FxCop that you can use in a variety of
ways.

You'll also want to download the
FxCop video,
which explains the reasoning behind FxCop, covers the essential techniques
involved, and tells where FxCop is heading. Generally, it appears that Microsoft
plans to add new rules to future versions, as well as make the product easier to
expand. The video doesn't actually show you how to use FxCop, though, which
is why I wrote this article.

Using the FxCop GUI

The easiest way to use FxCop is to create your application and then use the
GUI to analyze the result:

Click Add Target for Analysis and select the application you want to
check.

At this point, you can click Analyze to see the result.

Figure 1 shows the result of testing a very simple application. I didn't
change any of the default settings or add any code that wasn't absolutely
necessary to make the application work. The application includes a simple push
button named Test. Clicking Test displays a message box saying that this is a
test. As Figure 1 shows, however, even a simple application can break the
rules.

The right side of the display shows a breakdown of the application. Click
a particular level to see the problems with that portion of the application. In
this case, I've selected the application, so you're seeing all the
problems that FxCop found.

Figure 1: Even simple applications that contain very little code can break the
correctness rules.

To read more about a particular problem, double-click it; FxCop displays
a dialog box like the one shown in Figure 2. I selected the Rule Details tab in
the figure because it shows the kind of information that FxCop provides.
You're not expected to know how to fix the problem; FxCop provides
guidance that really makes the process easy.